[SOLVED] Can't access LDAP through IPsec



  • Hello,

    I'm kinda new to pfSense and I didn't find any information on that, so I decided to open a subject here:

    I have two pfSense connected with IPsec successfully. Each of them is sharing some LAN network.

    I want my pfsense2 to be able to connect to an LDAP server on the LAN of pfsense1, but it seems I can't reach it.

    If I try to make a ping from pfsense2 to the LDAP server, I can't access it with the source address set to Default. If I use the LAN card of my pfsense2 as the source IP, it's working.

    So I'm guessing pfSense uses a wrong IP as default (maybe the WAN address?) when it tries to connect to the LDAP server. How can I change this behavior?

    I tried a NAT rule, but that's not working either. (The LDAP IP is within the 172.20.0.0/16 subnet.)



  • What about the Windows firewall?



  • The firewall of the server is disabled, nothing is blocking on the server side I guess.

    The issue, I think, is how pfSense chooses its IP to access the server through IPsec. I already had a similar issue with other firewalls; they gave a command to set the IP the firewall should use to connect to a remote LDAP server. Is pfSense able to do the same thing?

    Regards,

    Alexandre.



  • For testing purposes, what if you make all values in the IPsec rule *?



  • This is actually * (at least on the source).

    I can't see any traffic from the source pfSense on the remote pfSense.

    Seems like the source pfSense isn't sending the traffic on the IPsec tunnel at all when the traffic is originating from the default interface on the pfSense. Computers behind the source pfSense can't properly access the remote network on the remote pfSense.

    I'm able to ping the LDAP server when I specify the LAN interface from the pfSense. But I can't when I'm using the default one, see:

    DEFAULT:

    LAN interface:



  • https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

    Same idea, just reverse direction. Might also be able to work around it with a P2 for Firewall WAN IP <-> IP of LDAP server.
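The selector-matching behaviour behind this answer, written up as an added Python example (not code from the thread or from pfSense): a firewall-initiated packet only enters the tunnel if some Phase 2 covers its source and destination, so a packet sourced from the WAN IP misses the LAN<->site P2 until either the LAN IP is used as source or a host-to-host P2 is added. All addresses except the 172.20.0.0/16 remote subnet are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase2:
    """One IPsec Phase 2 (SPD entry): packets with a source inside `local`
    and a destination inside `remote` are sent through the tunnel."""
    name: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def matching_phase2(policies, src, dst):
    """Return the first Phase 2 whose selectors cover src -> dst, or None.
    No match means the packet follows the normal routing table (typically
    out the WAN in the clear) instead of entering the tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local and d in p.remote:
            return p
    return None


# Constructed values (assumptions, not from the thread): pfsense2 has LAN
# 10.20.0.0/24 with LAN IP 10.20.0.1 and WAN IP 203.0.113.2; the remote site
# behind pfsense1 is 172.20.0.0/16 (from the thread), LDAP host assumed .0.10.
LAN_IP = "10.20.0.1"
WAN_IP = "203.0.113.2"
LDAP_IP = "172.20.0.10"
SITE_P2 = Phase2("lan-to-site1",
                 ipaddress.ip_network("10.20.0.0/24"),
                 ipaddress.ip_network("172.20.0.0/16"))


def default_source_enters_tunnel(policies):
    """Firewall-initiated traffic with source 'Default' leaves from the WAN IP."""
    return matching_phase2(policies, WAN_IP, LDAP_IP) is not None


def lan_source_enters_tunnel(policies):
    """The poster's working case: source address forced to the LAN interface."""
    return matching_phase2(policies, LAN_IP, LDAP_IP) is not None


def with_host_phase2(policies):
    """The suggested workaround: an extra P2 for firewall WAN IP <-> LDAP host."""
    host_p2 = Phase2("wan-host-to-ldap",
                     ipaddress.ip_network(WAN_IP + "/32"),
                     ipaddress.ip_network(LDAP_IP + "/32"))
    return list(policies) + [host_p2]
```

With only the site P2, the WAN-sourced packet is unmatched and never reaches the tunnel, which is why nothing shows up on the remote pfSense; after adding the host P2 (or using the LAN source) it matches.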



  • This is totally what I needed.

    It works perfectly.

    :)

    Thanks for your reply jimp.